(Summary: I think the default outbound NAT rule doesn't include the PPTP
range)

I _believe_ this has changed, but don't shoot me more than once if this is
a lapse of memory, or a misunderstanding on my part:

With the mono 1.2x setup at work I had set it up so that LAN was
192.168.10.1/24, DMZ was 192.168.21.1/24, and set PPTP for
192.168.22.3+192.168.22.128/28. That is, PPTP users would have '22'
addresses, and LAN users had '10' addresses. I could run a PPTP session to
work, I could access sites on internet, and the source ip address was work's
IP address.

With 1.3b2 most everything still works, but PPTP clients can no longer
access sites on the internet. I then told it to use LAN addresses
(192.168.10.7+192.168.10.128/28) for PPTP, and now PPTP clients _can_ access
internet.

When I PPTP into work with one machine, with the PPTP server set to
192.168.22.128/28, and then attempt to ping my at-home external interface,
my at-home monowall drops a packet with source address 192.168.22.128, as if
the default-generated NAT rule doesn't apply to outgoing packets with source
address in the PPTP range (unless, of course, the PPTP range is a subset of
the LAN range).

Puzzled.
/Kasper Pedersen
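
The coverage question raised in the message above, as an added example that is not part of the original post and not m0n0wall code: it checks which internal ranges fall outside the source networks of an outbound NAT rule set. The function names and the rule set (a single rule matching only the LAN subnet, which is the poster's hypothesis and not confirmed behaviour) are assumptions.

```python
import ipaddress

def _net(cidr):
    # Accept host-with-mask notation such as 192.168.10.1/24, as used in the post.
    return ipaddress.ip_network(cidr, strict=False)

def is_translated(src_ip, nat_sources):
    """True if a packet from src_ip matches some outbound NAT source network."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in _net(s) for s in nat_sources)

def uncovered(internal, nat_sources):
    """Map each internal range name to the parts no NAT source network matches."""
    gaps = {}
    for name, cidr in internal.items():
        remaining = [_net(cidr)]
        for src in map(_net, nat_sources):
            kept = []
            for r in remaining:
                if r.subnet_of(src):
                    continue                      # fully covered by this rule
                if src.subnet_of(r):
                    # Rule covers only part of the range: keep the rest.
                    kept.extend(r.address_exclude(src))
                else:
                    kept.append(r)                # disjoint, still uncovered
            remaining = kept
        if remaining:
            gaps[name] = [str(n) for n in sorted(remaining)]
    return gaps

# Assumption: the automatic outbound NAT rule matches only the LAN subnet.
NAT_SOURCES = ["192.168.10.1/24"]
# The two PPTP configurations described in the post.
SETUP_22 = {"LAN": "192.168.10.1/24", "PPTP": "192.168.22.128/28"}
SETUP_10 = {"LAN": "192.168.10.1/24", "PPTP": "192.168.10.128/28"}

if __name__ == "__main__":
    print("PPTP in 22 range:", uncovered(SETUP_22, NAT_SOURCES))
    print("PPTP in LAN range:", uncovered(SETUP_10, NAT_SOURCES))
    print("192.168.22.128 translated:", is_translated("192.168.22.128", NAT_SOURCES))
```

Under that assumption, only the configuration with the PPTP range inside the LAN subnet reports no gap, which matches the behaviour described in the message.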